NTPv4 steps for AES128CMAC authentication

Shamsher singh meetshamsher at gmail.com
Mon Jun 21 06:34:31 UTC 2021


Hi,
Can you please share the test steps to validate AES128CMAC authentication for NTPv4?

Thanks & regards
Shamsher Singh

> On 16-Jun-2021, at 5:30 PM, freebsd-security-request at freebsd.org wrote:
> 
> Today's Topics:
> 
>   1. Re: ntpv4 steps for AES128CMAC authentication (Shamsher singh)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 15 Jun 2021 20:13:10 +0530
> From: Shamsher singh <meetshamsher at gmail.com>
> To: freebsd-security at freebsd.org
> Subject: Re: ntpv4 steps for AES128CMAC authentication
> Message-ID: <CF5D1BCA-7CA0-4873-AE93-D687D8C2FEF0 at gmail.com>
> Content-Type: text/plain;	charset=us-ascii
> 
> Hi,
> Just for info, openssl also shows the below as supported on my system:
> 
> # openssl -v
> openssl:Error: '-v' is an invalid command.
> 
> Standard commands
> asn1parse         ca                ciphers           cms               
> crl               crl2pkcs7         dgst              dh                
> dhparam           dsa               dsaparam          ec                
> ec                ecparam           ecparam           enc               
> engine            errstr            gendh             gendsa            
> genpkey           genrsa            nseq              ocsp              
> passwd            pkcs12            pkcs7             pkcs8             
> pkey              pkeyparam         pkeyutl           prime             
> rand              req               rsa               rsautl            
> s_client          s_server          s_time            sess_id           
> smime             speed             spkac             srp               
> ts                verify            version           x509              
> 
> Message Digest commands (see the `dgst' command for more details)
> md2               md4               md5               mdc2              
> rmd160            sha               sha1              
> 
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
> aes-256-cbc       aes-256-ecb       base64            bf                
> bf-cbc            bf-cfb            bf-ecb            bf-ofb            
> camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
> camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
> cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
> des               des-cbc           des-cfb           des-ecb           
> des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
> des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
> des-ofb           des3              desx              idea              
> idea-cbc          idea-cfb          idea-ecb          idea-ofb          
> rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
> rc2-cfb           rc2-ecb           rc2-ofb           rc4               
> rc4-40            seed              seed-cbc          seed-cfb          
> seed-ecb          seed-ofb          zlib   
> 
>> On 14-Jun-2021, at 10:57 PM, Shamsher singh <meetshamsher at gmail.com> wrote:
>> 
>> Hi,
>> I have taken the latest NTPv4 from https://www.freshports.org/net/ntp/
>> I am able to test MD5 and SHA authentication, but not able to test AES128CMAC.
>> 
>> For all tests I used the parts below:
>> Added keys for MD5, SHA1 and AES128CMAC
>> Ref: used from http://doc.ntp.org/current-stable/keygen.html
>> 
>> Example:
>> 1 MD5 <xyz>
>> 2 SHA1 <Xyz>
>> 3 AES128CMAC <XYZ>
>> ...
>> at /etc/ntp.keys in client and /etc/ntp/keys in server.
>> 
>> 
>> I am able to see authentication working fine for MD5 and SHA1 using
>> ntpdate -d -a 1 <ntp server ip>    --> working fine
>> ntpdate -d -a 2 <ntp server ip>    --> working fine
>> ntpdate -d -a 3 <ntp server ip>    --> fails
>> 
>> The first two pass easily, but the third one fails for AES128CMAC.
>> It seems I am missing something here to test/validate it.
>> 
>> Can you please tell/guide me on the steps for how I can test it?
>> I am using the NTP version below:
>> # ntpd --version
>> ntpd 4.2.8p15@1.3728-o Wed Jun  2 11:00:34 UTC 2021 (1)
>> 
>> Thanks & regards
>> Shamsher
>> 